How to get client Ip Address in Java
In Java, you can use HttpServletRequest.getRemoteAddr()
to get the client’s IP address that’s accessing your Java web application.
import javax.servlet.http.HttpServletRequest;
String ipAddress = request.getRemoteAddr();
1. Proxy Server or Cloudflare
For web application which is behind a proxy server, load balancer or the popular Cloudflare solution, you should get the client IP address via the HTTP request header X-Forwarded-For (XFF).
import javax.servlet.http.HttpServletRequest;
//...
private static String getClientIp(HttpServletRequest request) {
String remoteAddr = "";
if (request != null) {
remoteAddr = request.getHeader("X-FORWARDED-FOR");
if (remoteAddr == null || "".equals(remoteAddr)) {
remoteAddr = request.getRemoteAddr();
}
}
return remoteAddr;
}
2. Not working still?
Review the client’s HTTP request header, and try to identify where the IP address is stored.
private Map<String, String> getRequestHeadersInMap(HttpServletRequest request) {
Map<String, String> result = new HashMap<>();
Enumeration headerNames = request.getHeaderNames();
while (headerNames.hasMoreElements()) {
String key = (String) headerNames.nextElement();
String value = request.getHeader(key);
result.put(key, value);
}
return result;
}
Sample request headers for web application behind Cloudflare.
"referer" :"https://www.google.com/",
"cf-ipcountry" :"US",
"cf-ray" :"348c7acba8a02210-EWR",
"x-forwarded-proto" :"https",
"accept-language" :"en-US,en;q=0.8",
"cookie" :"__cfduid=d3c6e5d73aa55b6b42fad9600c94849851490726068; _ga=GA1.2.450731937.1490726069",
"x-forwarded-for" :"100.8.204.40", // <------ This is client real IP
"accept" :"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
"x-real-ip" :"108.162.219.236", // <------ This is cloudflare IP
"x-forwarded-server" :"hostingcompass.com",
"x-forwarded-host" :"hostingcompass.com",
"cf-visitor" :"{\"scheme\":\"https\"}",
"host" :"127.0.0.1:8080",
"upgrade-insecure-requests" :"1",
"connection" :"close",
"cf-connecting-ip" :"100.8.204.40",
"accept-encoding" :"gzip",
"user-agent" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
Note
Normally, before the web/proxy server forwards the request to the Java app server, it will store the real client IP request in a standard header name like
Normally, before the web/proxy server forwards the request to the Java app server, it will store the real client IP request in a standard header name like
x-forwarded-for
, if you can’t find the client IP in the entire request headers, try discussing it with your server administrator.
Hi
I am getting some Private IP when I am trying to get my own IP. Its working fine in local but in production giving private IP instaed of My IP with the below code.
String ipAddress = request.getHeader(“X-FORWARDED-FOR”);
why it is giving different IP instead of my IP in Production.
public static String getIpAddr(HttpServletRequest request) {
String ip = request.getHeader(“X-Real-IP”);
if (null != ip && !””.equals(ip.trim())
&& !”unknown”.equalsIgnoreCase(ip)) {
return ip;
}
ip = request.getHeader(“X-Forwarded-For”);
if (null != ip && !””.equals(ip.trim())
&& !”unknown”.equalsIgnoreCase(ip)) {
// get first ip from proxy ip
int index = ip.indexOf(‘,’);
if (index != -1) {
return ip.substring(0, index);
} else {
return ip;
}
}
return request.getRemoteAddr();
}
i am getting output for the above code is 0:0:0:0:0:0:0:1, how to correct ip address from request object.
Please try with above code..
It works when deployed. On localhost it shows the 0:0:0:0:0:0:0:1 address you are seeing. Try it.
Hey Mkyong…i agree what you say about user behind the proxy server, but using “X-FORWARDED-FOR” didn’t help either. It is giving null. I am trying to get the real ip address of the client but its not working.
Only request.getRemoteAddr() gives some ip address but that ip address is not of the client its of the proxy server or the load balancer.
req.getHeader(“x-forwarded-for”);
hi srinu can u tell me how i shall be add this in project
Add this inside the try block:
InetAddress thisIp = InetAddress.getLocalHost();
out.println(“IP:” + thisIp.getHostAddress());
regards:
what if sb. spoof a XFF?
X-FORWARDED-FOR is not safe because client can owerwrite it in request. Best solution is good configured proxy server.
How do i call this function
Hi,
My setup is like
Squid reverse-proxy — sends request to–> Apache-server —.–> JBoss app server (using mod_jk)
I want to get the clients IP address in my java application, running in JBoss.
In my apache access.log, I can see the clients IP address (as the apache LogFormat is using X-Forwaded-For)
But
String ipAddress = request.getHeader(“X-FORWARDED-FOR”);
in Java returns NULL.
What could be the issue?
Could I be missing something in my mod_jk configuration ?
Thank you
Logs and review the entire request headers, to identify where the ip is stored.
Thanks ^^ It’s work for me.
Hmm… what about a case when that header has multiple IPs – this is a ‘legal’ case after all, even Wikipedia mentions that.
Would then that solution be applicable? (I’m under impression, that you’re assuming, that there is only one IP in that header).
Nice. Thanks.!!